Gentoo Archives: gentoo-commits

From: Joonas Niilola <juippis@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-forensics/aide/, app-forensics/aide/files/
Date: Thu, 16 Jul 2020 14:39:19
Message-Id: 1594910323.bb3631a2ce08b85cd1ca25d2d9b8ae803cdebb66.juippis@gentoo
1 commit: bb3631a2ce08b85cd1ca25d2d9b8ae803cdebb66
2 Author: Yury Martynov <email <AT> linxon <DOT> ru>
3 AuthorDate: Wed Jun 24 15:43:23 2020 +0000
4 Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
5 CommitDate: Thu Jul 16 14:38:43 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb3631a2
7
8 app-forensics/aide: bump to 0.16.2 (20200614)
9
10 Package-Manager: Portage-2.3.99, Repoman-2.3.23
11 Signed-off-by: Yury Martynov <email <AT> linxon.ru>
12 Closes: https://github.com/gentoo/gentoo/pull/16398
13 Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
14
15 app-forensics/aide/Manifest | 1 +
16 app-forensics/aide/aide-0.16.2_p20200614.ebuild | 156 +++++++++++++++++++++
17 ...e-0.16.2_p20200614_define_hash_use_gcrypt.patch | 37 +++++
18 app-forensics/aide/files/aide.conf-r1 | 133 ++++++++++++++++++
19 app-forensics/aide/metadata.xml | 12 +-
20 5 files changed, 338 insertions(+), 1 deletion(-)
21
22 diff --git a/app-forensics/aide/Manifest b/app-forensics/aide/Manifest
23 index 1d08718bf48..adae5e37bdc 100644
24 --- a/app-forensics/aide/Manifest
25 +++ b/app-forensics/aide/Manifest
26 @@ -1 +1,2 @@
27 +DIST aide-0.16.2_p20200614.tar.gz 144202 BLAKE2B a2533eaf0dd6caa82718eaa89878ddc101f64767788eeac3a250ceb584a2c5958ef8a5481b89eeb720e21af07da8f3576fb46d8ee9966fd2361354a35a7eaa6e SHA512 f5f83b8401465471043c60aeb6314f7bcab24c9f962f6ce550445bec8d866a5c8c00eba9e9f157f1223cde58631de139533c7de64fb3c861a5d8e7b5e367e106
28 DIST aide-0.16.tar.gz 391009 BLAKE2B 8769d8c6bdf72f307b75f3c1feaa2effdeaead00a0c65ab25bbb50dc6f7c7b53fda4d0a3a54dd5030de1444a34a81c294437d45193aeb8aec7ef0af83a173d47 SHA512 29ad97756e3e2fb21dc332ed03b494a1c73e621266f8622ec80bdba23092a38ee975b97f3cff2330e4c16e64e2f672259eea9291ca706a4009e7399b4e14e6a7
29
30 diff --git a/app-forensics/aide/aide-0.16.2_p20200614.ebuild b/app-forensics/aide/aide-0.16.2_p20200614.ebuild
31 new file mode 100644
32 index 00000000000..794fd0db7d7
33 --- /dev/null
34 +++ b/app-forensics/aide/aide-0.16.2_p20200614.ebuild
35 @@ -0,0 +1,156 @@
36 +# Copyright 1999-2020 Gentoo Authors
37 +# Distributed under the terms of the GNU General Public License v2
38 +
39 +EAPI=7
40 +
41 +inherit autotools readme.gentoo-r1
42 +
43 +DESCRIPTION="AIDE (Advanced Intrusion Detection Environment) is a file integrity checker"
44 +HOMEPAGE="https://aide.github.io/ https://github.com/aide/aide"
45 +
46 +COMMIT="7949feff20501724a43929ee7894b005812ffb4f" # 20200614
47 +SRC_URI="https://github.com/aide/aide/archive/${COMMIT}.tar.gz -> ${P}.tar.gz"
48 +
49 +LICENSE="GPL-2"
50 +SLOT="0"
51 +KEYWORDS="~amd64 ~x86"
52 +IUSE="acl audit curl e2fs mhash postgres prelink selinux static xattr zlib"
53 +
54 +REQUIRED_USE="
55 + postgres? ( !mhash )
56 + static? ( !audit !curl !postgres )"
57 +
58 +COMMON_DEPEND="
59 + dev-libs/libpcre
60 + acl? ( virtual/acl )
61 + audit? ( sys-process/audit )
62 + curl? ( net-misc/curl )
63 + e2fs? ( sys-fs/e2fsprogs )
64 + !mhash? (
65 + dev-libs/libgcrypt:0=
66 + dev-libs/libgpg-error
67 + )
68 + mhash? ( app-crypt/mhash )
69 + postgres? ( dev-db/postgresql:= )
70 + prelink? ( dev-libs/elfutils )
71 + selinux? ( sys-libs/libselinux )
72 + xattr? ( sys-apps/attr )
73 + zlib? ( sys-libs/zlib )"
74 +
75 +RDEPEND="
76 + !static? ( ${COMMON_DEPEND} )
77 + selinux? ( sec-policy/selinux-aide )"
78 +
79 +DEPEND="${COMMON_DEPEND}
80 + static? (
81 + dev-libs/libpcre[static-libs]
82 + acl? ( >=virtual/acl-0-r1[static-libs] )
83 + e2fs? ( sys-fs/e2fsprogs[static-libs] )
84 + !mhash? (
85 + dev-libs/libgcrypt:0[static-libs]
86 + dev-libs/libgpg-error[static-libs]
87 + )
88 + mhash? ( app-crypt/mhash[static-libs] )
89 + prelink? ( dev-libs/elfutils[static-libs] )
90 + selinux? ( sys-libs/libselinux[static-libs] )
91 + xattr? ( sys-apps/attr[static-libs] )
92 + zlib? ( sys-libs/zlib[static-libs] )
93 + )"
94 +
95 +BDEPEND="
96 + sys-devel/bison
97 + sys-devel/flex
98 + virtual/pkgconfig
99 + prelink? ( sys-devel/prelink )"
100 +
101 +HTML_DOCS=( doc/manual.html )
102 +
103 +DISABLE_AUTOFORMATTING=1
104 +DOC_CONTENTS="
105 +Example configuration file was installed at '${EPREFIX}/etc/aide/aide.conf'.
106 +Please edit it to meet your needs. Refer to aide.conf(5) manual page
107 +for more information.
108 +
109 +A helper script, aideinit, was installed and can be used to make AIDE
110 +management easier. Please run 'aideinit --help' for more information."
111 +
112 +PATCHES=(
113 + "${FILESDIR}/aide-0.16-fix-LIBS-LDFLAGS-mixing.patch"
114 + "${FILESDIR}/aide-0.16-fix-acl-configure-option.patch"
115 +
116 + # Remove not available gcrypt algorithm 7 DB_HAVAL
117 + # See: https://sourceforge.net/p/aide/bugs/105/
118 + "${FILESDIR}/${P}_define_hash_use_gcrypt.patch"
119 +)
120 +
121 +S="${WORKDIR}/${PN}-${COMMIT}"
122 +
123 +pkg_setup() {
124 + if use postgres; then
125 + ewarn "\nWARNING!"
126 + ewarn "You need to choose one of the postgres versions before building"
127 + ewarn "\nPlease select a target postgres version/slot using:\n"
128 + ewarn " ~# eselect postgresql list"
129 + ewarn " ~# eselect postgresql set <version>\n"
130 + fi
131 +}
132 +
133 +src_prepare() {
134 + default
135 + sed -i -e 's| -Werror||g' configure.ac || die
136 + echo "m4_define([AIDE_VERSION], [${PV}])" > version.m4 || die
137 + eautoreconf
138 +}
139 +
140 +src_configure() {
141 + local myeconfargs=(
142 + --sysconfdir="${EPREFIX}/etc/${PN}"
143 + --with-confighmactype="sha512" # Override default weak MD5 hash.
144 + --with-dbhmackey="sha512" # Override default weak MD5 hash.
145 + # Disable broken l10n support: https://sourceforge.net/p/aide/bugs/98/
146 + # This doesn't affect anything because there are no localizations yet.
147 + --without-locale
148 + $(use_enable static)
149 + $(use_with zlib)
150 + $(use_with curl)
151 + $(use_with acl posix-acl)
152 + $(use_with selinux)
153 + $(use_with prelink prelink "${EPREFIX}/usr/sbin/prelink")
154 + $(use_with xattr)
155 + $(use_with e2fs e2fsattrs)
156 + $(use_with mhash mhash)
157 + $(use_with !mhash gcrypt)
158 + $(use_with postgres psql)
159 + $(use_with audit)
160 + )
161 +
162 + econf "${myeconfargs[@]}"
163 +}
164 +
165 +src_install() {
166 + default
167 + readme.gentoo_create_doc
168 +
169 + insinto /etc/${PN}
170 + insopts -m0600
171 + newins "${FILESDIR}"/aide.conf-r1 aide.conf
172 +
173 + dosbin "${FILESDIR}"/aideinit
174 + dodoc -r contrib/ "${FILESDIR}"/aide.cron
175 +
176 + keepdir /var/{lib,log}/${PN}
177 +}
178 +
179 +pkg_postinst() {
180 + readme.gentoo_print_elog
181 +
182 + if use postgres; then
183 + elog "\nDue to a bad assumption by aide, you must issue the following"
184 + elog "command after the database initialization (aide --init ...):"
185 + elog '\n ~# psql -c "update pg_index set indisunique=false from pg_class \\ '
186 + elog " where pg_class.relname='TABLE_pkey' and \ "
187 + elog ' pg_class.oid=pg_index.indexrelid" -h HOSTNAME -p PORT DBASE USER'
188 + elog "\nwhere TABLE, HOSTNAME, PORT, DBASE, and USER are the same as"
189 + elog "in your aide.conf.\n"
190 + fi
191 +}
192
193 diff --git a/app-forensics/aide/files/aide-0.16.2_p20200614_define_hash_use_gcrypt.patch b/app-forensics/aide/files/aide-0.16.2_p20200614_define_hash_use_gcrypt.patch
194 new file mode 100644
195 index 00000000000..e643a0017de
196 --- /dev/null
197 +++ b/app-forensics/aide/files/aide-0.16.2_p20200614_define_hash_use_gcrypt.patch
198 @@ -0,0 +1,37 @@
199 +diff -Nur aide-0.16/include/md.h aide-0.16.new/include/md.h
200 +--- aide-0.16/include/md.h 2016-07-25 22:56:55.000000000 +0200
201 ++++ aide-0.16.new/include/md.h 2018-11-21 14:07:01.347479021 +0100
202 +@@ -48,7 +48,7 @@
203 + #define HASH_GCRYPT_COUNT GCRY_MD_CRC32
204 + #ifndef WITH_MHASH
205 + #define HASH_USE_GCRYPT (DB_MD5|DB_SHA1|DB_RMD160|DB_TIGER|DB_CRC32|\
206 +- DB_HAVAL|DB_CRC32|DB_SHA256|DB_SHA512)
207 ++ DB_CRC32B|DB_SHA256|DB_SHA512)
208 + #endif
209 + #endif
210 +
211 +diff -Nur aide-0.16/src/md.c aide-0.16.new/src/md.c
212 +--- aide-0.16/src/md.c 2016-07-25 22:56:55.000000000 +0200
213 ++++ aide-0.16.new/src/md.c 2018-11-21 14:06:05.602295496 +0100
214 +@@ -55,10 +55,12 @@
215 + r=DB_TIGER;
216 + break;
217 + }
218 ++/* until libgcrypt-1.8.4 not implemented yet, see doc/gcrypt.info-1
219 + case GCRY_MD_HAVAL: {
220 + r=DB_HAVAL;
221 + break;
222 + }
223 ++*/
224 + case GCRY_MD_SHA256: {
225 + r=DB_SHA256;
226 + break;
227 +@@ -219,7 +221,7 @@
228 + if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){
229 + md->calc_attr|=h;
230 + } else {
231 +- error(0,"gcry_md_enable %i failed",i);
232 ++ error(0,"gcry_md_enable %i failed, see /usr/include/gcrypt.h enum gcry_md_algos",i);
233 + md->todo_attr&=~h;
234 + }
235 + }
236
237 diff --git a/app-forensics/aide/files/aide.conf-r1 b/app-forensics/aide/files/aide.conf-r1
238 new file mode 100644
239 index 00000000000..87df5e168c8
240 --- /dev/null
241 +++ b/app-forensics/aide/files/aide.conf-r1
242 @@ -0,0 +1,133 @@
243 +# Example configuration file for AIDE
244 +# See more: man 5 aide.conf
245 +
246 +database=file:/var/lib/aide/aide.db
247 +database_out=file:/var/lib/aide/aide.db.new
248 +
249 +# Change this to "no" or remove it to not gzip output
250 +# (only useful on systems with few CPU cycles to spare)
251 +gzip_dbout=yes
252 +
253 +# Default: 5
254 +#verbose=5
255 +
256 +report_url=file:/var/log/aide/aide.log
257 +report_url=stdout
258 +#report_url=stderr
259 +
260 +# Here are all the things we can check - these are the default rules
261 +#
262 +# p: permissions
263 +# ftype: file type
264 +# i: inode
265 +# l: link name
266 +# n: number of links
267 +# u: user
268 +# g: group
269 +# s: size
270 +# b: block count
271 +# m: mtime (modification time)
272 +# a: atime (access time)
273 +# c: ctime (change time)
274 +# S: check for growing size
275 +# I: ignore changed filename
276 +# ANF: allow new files
277 +# ARF: allow removed files
278 +# md5: md5 checksum
279 +# sha1: sha1 checksum
280 +# sha256: sha256 checksum
281 +# sha512: sha512 checksum
282 +# rmd160: rmd160 checksum
283 +# tiger: tiger checksum
284 +# crc32: crc32 checksum
285 +# R: p+ftype+i+l+n+u+g+s+m+c+md5+X
286 +# L: p+ftype+i+l+n+u+g+X
287 +# E: Empty group
288 +# X: acl+selinux+xattrs+e2fsattrs (if groups are explicitly enabled)
289 +# >: Growing file p+ftype+l+u+g+i+n+S+X
290 +
291 +# Defines formerly set here have been moved to /etc/default/aide.
292 +
293 +# Custom rules
294 +Binlib = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160
295 +ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160
296 +Logs = p+i+n+u+g+S
297 +Devices = p+i+n+u+g+s+b+c+md5+sha256+rmd160
298 +Databases = p+n+u+g
299 +StaticDir = p+i+n+u+g
300 +ManPages = p+i+n+u+g+s+b+m+c+md5+sha256+rmd160
301 +
302 +# Next decide what directories/files you want in the database
303 +
304 +# Kernel, system map, etc.
305 +=/boot$ Binlib
306 +# Configs
307 +/etc ConfFiles
308 +!/etc/mtab
309 +# Binaries
310 +/bin Binlib
311 +/sbin Binlib
312 +/usr/bin Binlib
313 +/usr/sbin Binlib
314 +/usr/libexec Binlib
315 +/usr/local/bin Binlib
316 +/usr/local/sbin Binlib
317 +#/usr/games Binlib
318 +# Libraries
319 +/lib(64)? Binlib
320 +/usr/lib(64)? Binlib
321 +/usr/local/lib(64)? Binlib
322 +# Log files
323 +=/var/log$ StaticDir
324 +#!/var/log/ksymoops
325 +/var/log/aide/aide.log(.[0-9])?(.gz)? Databases
326 +/var/log/aide/error.log(.[0-9])?(.gz)? Databases
327 +#/var/log/setuid.changes(.[0-9])?(.gz)? Databases
328 +!/var/log/aide
329 +/var/log Logs
330 +# Devices
331 +!/dev/pts
332 +# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr,
333 +# you may uncomment this to get rid of them. They're harmless but sometimes
334 +# annoying.
335 +#!/dev/cpu/mtrr
336 +#!/dev/xconsole
337 +/dev Devices
338 +# Other miscellaneous files
339 +/var/run$ StaticDir
340 +!/var/run
341 +# Test only the directory when dealing with /proc
342 +/proc$ StaticDir
343 +!/proc
344 +
345 +# You can look through these examples to get further ideas
346 +
347 +# MD5 sum files - especially useful with debsums -g
348 +#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1
349 +
350 +# Check crontabs
351 +#/var/spool/anacron/cron.daily Databases
352 +#/var/spool/anacron/cron.monthly Databases
353 +#/var/spool/anacron/cron.weekly Databases
354 +#/var/spool/cron Databases
355 +#/var/spool/cron/crontabs Databases
356 +
357 +# manpages can be trojaned, especially depending on *roff implementation
358 +#/usr/man ManPages
359 +#/usr/share/man ManPages
360 +#/usr/local/man ManPages
361 +
362 +# docs
363 +#/usr/doc ManPages
364 +#/usr/share/doc ManPages
365 +
366 +# check users' home directories
367 +#/home Binlib
368 +
369 +# check sources for modifications
370 +#/usr/src L
371 +#/usr/local/src L
372 +
373 +# Check headers for same
374 +#/usr/include L
375 +#/usr/local/include L
376
377 diff --git a/app-forensics/aide/metadata.xml b/app-forensics/aide/metadata.xml
378 index f661f6e69f0..c7da79793a7 100644
379 --- a/app-forensics/aide/metadata.xml
380 +++ b/app-forensics/aide/metadata.xml
381 @@ -1,12 +1,22 @@
382 <?xml version="1.0" encoding="UTF-8"?>
383 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
384 <pkgmetadata>
385 - <!-- maintainer-needed -->
386 + <maintainer type="person">
387 + <email>email@××××××.ru</email>
388 + <name>Yury Martynov</name>
389 + </maintainer>
390 + <maintainer type="project">
391 + <email>proxy-maint@g.o</email>
392 + <name>Proxy Maintainers</name>
393 + </maintainer>
394 <use>
395 <flag name="e2fs">Enable support for checking file attributes on ext2/ext3/ext4 filesystems</flag>
396 + <flag name="curl">Use curl for http,https and ftp backends</flag>
397 + <flag name="postgres">Use postgresql library for storing databases</flag>
398 <flag name="prelink">Bypass prelinking when calculating checksums</flag>
399 </use>
400 <upstream>
401 + <remote-id type="github">aide/aide</remote-id>
402 <remote-id type="sourceforge">aide</remote-id>
403 </upstream>
404 </pkgmetadata>